Tech Giants, Telcos Get OK to Release Stats on NSA Spying

In Obama’s speech 10 days ago outlining surveillance reforms, the president promised he would allow corporations like Google, Apple and Microsoft to be more transparent with their customers about NSA spying.

“We will also enable communications providers to make public more information than ever before about the orders that they have received to provide data to the government,” the president said.

Today, we learned what that means. The Justice Department announced (.pdf) that for the first time corporate America may publicly report a broad range of vague and inexact figures about the number of secret orders they receive from the Foreign Intelligence Surveillance Court.

The companies may begin reporting the number of FISA orders in bands of 1,000. Each company can also report the number of accounts affected collectively by the FISA orders, but, also, only in ranges of 1,000.

Companies were previously blocked from disclosing any of that information.

The change “strikes an appropriate balance between the competing interests of protecting national security and furthering transparency,” said Deputy Attorney General James Cole in a letter to the general counsels of Yahoo, Microsoft, LinkedIn, Google and Facebook, who had fought for the right to disclose FISA counts to their customers.

The guidelines are roughly the same that already apply to another type of secret order, called a “National Security Letter.” After a private deal with Google last summer, the government allowed the media giant to report the number of National Security Letters it received and the number of accounts affected by them, all in ranges of 1,000. For 2012, the latest year in which figures were available, Google had said it received 0-999 National Security Letters affecting 1000-1999 accounts.

National Security Letters allow the government to get detailed information on Americans’ finances and communications without oversight from a judge. The FBI has issued hundreds of thousands of NSLs and has even been reprimanded for abusing them.

The companies may publish the figures one every six months, with a six-month delay in reporting periods. The government also ordered a two-year delay for companies to report snooping stats following “the first order that is served on a company for a platform, product, or service (whether developed or acquired) for which the company has not previously received such an order.”

For example, if Google unveiled Gmail today as a service, it would have to delay reporting surveillance stats on that product for two years.

In case the first option doesn’t float a company’s boat, the government announced what it is calling “Option Two.”

Under that, companies, which also include telephone providers and even Twitter, may report “the total number of all national security process received, including all NSL’s and FISA orders, reported as a single number in the following bands: 0-249 and thereafter in bands of 250.”

Also, service providers can disclose “the total number of customer selectors targeted under all national security process, including all NSLs and FISA orders, reported as a single number in the following bands, 0-249, and thereafer in bands of 250.”

To be sure, today’s announcement will provide the public more statistical information than ever was publicly available concerning the reach of government spying and with the assistance of corporate America. But the data may be of minimal public value.